<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>kali工具箱</title>
<script src="./static/bootstrap.min.js"></script>
<link rel="stylesheet" href="./static/main.css">
<link rel="stylesheet" href="./static/bootstrap.min.css">
<style type="text/css" id="syntaxhighlighteranchor"></style>
</head>
<main class="main-container ng-scope" ng-view="">
<div class="main receptacle post-view ng-scope">
<article class="entry ng-scope" ng-controller="EntryCtrl" ui-lightbox="">
<section class="entry-content ng-binding" ng-bind-html="postContentTrustedHtml">
<h2> UNIX-privesc检查包装说明</h2><p style="text-align: justify;"> Unix的privesc检查器是在Unix系统上运行（在Solaris 9，HPUX 11，各种Linux版本，FreeBSD的6.2测试）的脚本。它试图发现错误配置，可能允许本地非特权用户提升权限给其他用户或访问本地应用程序（如数据库）。它写成一个shell脚本，因此它可以很容易地上传和运行（相对于非柏油，编译和安装）。它可以运行作为一个普通用户或根（显然它作为根运行时，没有一个更好的工作，因为它可以读取更多的文件）。 </p><p>资料来源：http://pentestmonkey.net/tool​​s/audit/unix-privesc-check <br> <a href="http://pentestmonkey.net/tools/audit/unix-privesc-check" variation="deepblue" target="blank">UNIX-privesc检查首页</a> | <a href="http://git.kali.org/gitweb/?p=packages/unix-privesc-check.git;a=summary" variation="deepblue" target="blank">卡利UNIX-privesc检查回购</a> </p><ul><li>作者：pentestmonkey </li><li>许可：GPL第二版</li></ul><h3>包括在UNIX-privesc检查包装工具</h3><h5> UNIX-privesc检查 - 脚本检查简单的权限提升载体</h5><code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="5c2e3333281c373d3035">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# unix-privesc-check<br>
unix-privesc-check v1.4 ( http://pentestmonkey.net/tools/unix-privesc-check )<br>
<br>
Usage: unix-privesc-check { standard | detailed }<br>
<br>
"standard" mode: Speed-optimised check of lots of security settings.<br>
<br>
"detailed" mode: Same as standard mode, but also checks perms of open file<br>
                 handles and called files (e.g. parsed from shell scripts,<br>
                 linked .so files).  This mode is slow and prone to false<br>
                 positives but might help you find more subtle flaws in 3rd<br>
                 party programs.<br>
<br>
This script checks file permissions and other settings that could allow<br>
local users to escalate privileges.<br>
<br>
Use of this script is only permitted on systems which you have been granted<br>
legal permission to perform a security assessment of.  Apart from this<br>
condition the GPL v2 applies.<br>
<br>
Search the output for the word 'WARNING'.  If you don't see it then this<br>
script didn't find any problems.</code><h3> UNIX-privesc检查用法示例</h3><code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="b8cad7d7ccf8d3d9d4d1">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# unix-privesc-check standard<br>
Assuming the OS is: linux<br>
Starting unix-privesc-check v1.4 ( http://pentestmonkey.net/tools/unix-privesc-check )<br>
<br>
This script checks file permissions and other settings that could allow<br>
local users to escalate privileges.<br>
<br>
Use of this script is only permitted on systems which you have been granted<br>
legal permission to perform a security assessment of.  Apart from this <br>
condition the GPL v2 applies.<br>
<br>
Search the output below for the word 'WARNING'.  If you don't see it then<br>
this script didn't find any problems.<br>
<br>
<br>
############################################<br>
Recording hostname<br>
############################################<br>
kali<br>
<br>
############################################<br>
Recording uname<br>
############################################<br>
Linux kali 3.12-kali1-amd64 #1 SMP Debian 3.12.9-1kali1 (2014-05-13) x86_64 GNU/Linux<br>
<br>
############################################<br>
Recording Interface IP addresses</code><div style="display:none">
<script src="//s11.cnzz.com/z_stat.php?id=1260038378&web_id=1260038378" language="JavaScript"></script>
</div>
</main></body></html>
